VIO Player.exe

Vioplayer

InstallX, LLC

This file is part of an InstallX (InstallIQ) installation, a potentially unwanted program (PUP) that may bundle additional adware onto the computer. The application VIO Player.exe by InstallX has been detected as adware by 23 anti-malware scanners. According to Malwarebytes, it bundles additional adware offers via PlayPickle, including toolbars such as Inbox.com, Babylon, Price Gong, Sendori, Price Peep and many others. PlayPickle uses the InstallIQ (InstallX) download manager to distribute such offers. The file has been seen being downloaded from dl5.iq7download.com.
Publisher:
Shlemoon Media Inc  (signed by InstallX, LLC)

Product:
Vioplayer

Version:
2.133.0.0

MD5:
004cfa9c2cbca81883a7f2447f570af5

SHA-1:
e6a6692a2c0b568f200621e04ea4e9fabd8d513d

SHA-256:
378528b9012351777e138952df8b0933e6e6f92d2e99d2c45e0a3499cd815165

Scanner detections:
23 / 68

Status:
Adware

Explanation:
Uses the InstallIQ (by InstallX) software bundler, which may include offers for toolbars and other browser extensions.

Analysis date:
10/18/2021 3:15:58 AM UTC  (today)

Scan engine
Detection
Engine version

Lavasoft Ad-Aware
Adware.InstallIQ.B
1141

Avira AntiVirus
Adware/InstallIQ.N
7.11.98.96

AVG
Skodna.Generic_r
2014.0.3643

Bitdefender
Adware.InstallIQ.B
1.0.20.1770

Bkav FE
W32.Clodac9.Trojan
1.3.0.4562

Boost by Reason
Adware.InstallX.K
2013.8.28.14

Comodo Security
Application.Win32.InstallIQ.B
17332

Dr.Web
Adware.W3i.32
9.0.1.0330

Emsisoft Anti-Malware
Adware.InstallIQ
8.13.12.20.05

ESET NOD32
Win32/InstallIQ (variant)
7.8778

Fortinet FortiGate
Adware/Fam.NB
12/20/2013

F-Secure
Adware.InstallIQ.B
11.2013-20-12_6

G Data
Adware.InstallIQ
13.12.22

herdProtect (fuzzy)
2013.12.20.17

IKARUS anti.virus
AdWare.InstallIQ
t3scan.2.0.127

K7 AntiVirus
Riskware
13.170.9394

Malwarebytes
PUP.PlayPickle
v2013.12.20.05

McAfee
Artemis!004CFA9C2CBC
5600.7181

MicroWorld eScan
Adware.InstallIQ.B
14.0.0.1062

Reason Heuristics
PUP.InstallX.K
14.8.7.17

Sophos
InstallQ
4.91

Trend Micro House Call
TROJ_GEN.F47V0816
7.2.330

VIPRE Antivirus
InstallIQ Installer
21312

File size:
1.8 MB (1,907,792 bytes)

Product version:
2.133.0.0

Copyright:
Shlemoon Media Inc

Original file name:
VIO Player.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\downloads\vio player.exe

Digital Signature
Signed by:

Authority:
DigiCert Inc

Valid from:
3/21/2013 5:00:00 PM

Valid to:
3/26/2014 5:00:00 AM

Subject:
CN="InstallX, LLC", O="InstallX, LLC", L=Sartell, S=Minnesota, C=US

Issuer:
CN=DigiCert Assured ID Code Signing CA-1, OU=www.digicert.com, O=DigiCert Inc, C=US

Serial number:
030985B5A39F75A13A497DAB8BF611F7

File PE Metadata
Compilation timestamp:
8/13/2013 12:07:58 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
24576:fzWJ69qM6xE3IFu8jUIlYWM5ptIT8hdiUrT8mEdzvw1coPF/BJhFvvtg+N/9ppAm:fiHycM1+7dzvw1coPFTvS+pHpA6TrvK6

Entry address:
0xEEE9

Entry point:
E8, 65, 88, 00, 00, E9, 00, 00, 00, 00, 6A, 14, 68, C0, 5E, 57, 00, E8, A1, 47, 00, 00, E8, 69, 6A, 00, 00, 0F, B7, F0, 6A, 02, E8, F8, 87, 00, 00, 59, B8, 4D, 5A, 00, 00, 66, 39, 05, 00, 00, 40, 00, 74, 04, 33, DB, EB, 33, A1, 3C, 00, 40, 00, 81, B8, 00, 00, 40, 00, 50, 45, 00, 00, 75, EB, B9, 0B, 01, 00, 00, 66, 39, 88, 18, 00, 40, 00, 75, DD, 33, DB, 83, B8, 74, 00, 40, 00, 0E, 76, 09, 39, 98, E8, 00, 40, 00, 0F, 95, C3, 89, 5D, E4, E8, 85, 64, 00, 00, 85, C0, 75, 08, 6A, 1C, E8, DC, 00, 00, 00, 59, E8...
 

Entropy:
6.6912

Code size:
1.2 MB (1,256,448 bytes)

The file VIO Player.exe has been seen being distributed by the following URL.
